The techniques and technologies described herein relate to a data protection scheme for mobile devices. Mobile devices, such as mobile phones, play an increasingly versatile role in daily life. Many new features and services are being developed in an attempt to expand mobile phones beyond their traditional role of voice and message transmission. Some of these new features and services have more stringent requirements for data security than do existing applications. For example, the viability of mobile shopping and “mobile phone as wallet” (two mass-market and potentially lucrative services) depends on the ability of the mobile phones and the service providers to ensure the safety of the user's private information against various security threats, including the physical theft of the mobile phones and/or the illegitimate use of a mobile phone. Unauthorized possession of a user's mobile phone may lead to a compromise of the user's private and sensitive data.
Some mobile device service providers allow users to store important information at the network level such that the service providers act as data agents for the end users. Despite the conveniences of this approach, the centralization of user information in connection with network storage can be vulnerable to hacker attacks. For this reason, many consumers refuse to let online merchants maintain credit card information. Some mobile devices provide an interface to capture a user's fingerprints for use with an authentication protocol. This solution can be vulnerable because fingerprints can be relatively easy to capture, particularly if a thief has possession of the user's mobile device (which will likely contain many fingerprints).
Hardware-based solutions may be utilized to protect user data stored by mobile devices. These solutions employ encryption/decryption techniques to protect the user's sensitive data. The entire protection mechanism utilized by these solutions resides on the mobile device itself, thus making the protected data vulnerable to attack by a thief having sufficient hardware know-how, diagnostic equipment, and hacking abilities.